RFR: 8340954: Add SECURITY.md file
Andy Goryachev
angorya at openjdk.org
Wed Sep 25 21:21:40 UTC 2024
On Wed, 25 Sep 2024 21:08:41 GMT, Kevin Rushforth <kcr at openjdk.org> wrote:
> A `SECURITY.md` file was recently added to the jdk repo. GitHub will show that policy if you click on the ["Security" tab](https://github.com/openjdk/jdk/security) of the jdk repo -- If you are logged in, you may need to further click on the ["Policy" tab](https://github.com/openjdk/jdk/security/policy).
>
> We need a copy of this file in the jfx repo, so that similarly, you will see the policy if you click on the ["Security" tab](https://github.com/openjdk/jfx/security) of the jfx repo -- if you are logged in, you may need to further click on the ["Policy" tab](https://github.com/openjdk/jfx/security/policy).
>
> The `SECURITY.md` file in this PR is identical to the one in the jdk repo, with "JDK" replaced by "JavaFX" in two places (the section header and the name of the software).
>
> See openjdk/jdk#21155 for more details.
SECURITY.md line 3:
> 1: # JavaFX Vulnerabilities
> 2:
> 3: Please follow the process outlined in the [OpenJDK Vulnerability Policy](https://openjdk.org/groups/vulnerability/report) to disclose vulnerabilities in JavaFX.
since FX is not technically a part of JDK, should it point to a separate (new) page instead of https://openjdk.org/groups/vulnerability/report ?
-------------
PR Review Comment: https://git.openjdk.org/jfx/pull/1578#discussion_r1776005344
More information about the openjfx-dev
mailing list